CVE-2009-0231
published 2009-07-15
CVE-2009-0231: The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008…
Priority P258 · high · 8.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:U · C:H · I:H · A:H
EPSS
37.45%
98.3th percentile
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
GHSA
GHSA-5mgg-m9j7-h63w: win32k
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-3020 [CRITICAL] GHSA-5mgg-m9j7-h63w: win32k
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-56xw-8wf9-j3x9: The Embedded OpenType (EOT) Font Engine (T2EMBED
ghsa_unreviewed·2022-05-02
CVE-2009-0231 [HIGH] CWE-119 GHSA-56xw-8wf9-j3x9: The Embedded OpenType (EOT) Font Engine (T2EMBED
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Incorrect Conversion between Numeric Types
mitre_cwe
CWE-681: Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Other, Integrity. Impact: Unexpected State, Quality Degradation. The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of
CWE
Numeric Truncation Error
mitre_cwe
CWE-197: Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrit
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811
http://osvdb.org/55842
http://www.securitytracker.com/id?1022543
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://www.vupen.com/english/advisories/2009/1887
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457
Published: 2009-07-15